package com.uniview.plugins.workplus;

import java.util.Hashtable;

import javax.naming.Context;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;

/**
 * Created by lizj on 2016/9/12.
 */
@Service("userCredentialsOperations")
public class UserCredentialsOperations{
	private Logger logger = Logger.getLogger(UserCredentialsOperations.class);
	
	@Value("#{configProperties['uniview.ldapUrl']}")
    private String ldapUrl;
	
	@Value("#{configProperties['uniview.ldapSuffix']}")
    private String ldapSuffix;

    public static final String DOMAIN_USER_NOT_FOUND = "525";
    public static final String DOMAIN_INVALID_CREDENTIALS = "52e";
    public static final String DOMAIN_NOT_PERMIT_LOGON = "530";
    public static final String DOMAIN_PASS_EXPIRED = "532";
    public static final String DOMAIN_ACCOUNT_DISABLED = "533";
    public static final String DOMAIN_ACCOUNT_EXPIRED = "701";
    public static final String DOMAIN_RESET_PASS = "773";
    public static final String DOMAIN_ACCOUNT_LOCKED = "775";

    public static final String DOMAIN_SUCCESS = "success";
    
    UserCredentialsOperations(){}
    
    UserCredentialsOperations(String ldapUrl, String ldapSuffix) {
        this.ldapSuffix = ldapSuffix;
        this.ldapUrl = ldapUrl;
    }

    @SuppressWarnings({ "rawtypes", "unchecked" })
	public boolean verify(String username, String password) {

        String LDAP_AUTHENTICATION = "simple";
        StringBuffer sec_principal = new StringBuffer(username);
        sec_principal.append("@").append(ldapSuffix);
        Hashtable env = new Hashtable();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapUrl);
        env.put(Context.SECURITY_AUTHENTICATION, LDAP_AUTHENTICATION);
        env.put(Context.SECURITY_PRINCIPAL, sec_principal.toString());
        env.put(Context.SECURITY_CREDENTIALS, password);
       
        logger.warn("sec_principal:" + sec_principal);
        //Loggers.me().warn(getClass(), "sec_principal:{}", sec_principal);
        String flag = "";
        LdapContext ctx = null;
        try {
            ctx = new InitialLdapContext(env, null);
            flag = DOMAIN_SUCCESS;
            return true;
        } catch (Exception e) {
        	e.printStackTrace();
            System.out.println(e.getMessage());
            if (e.getMessage().indexOf(DOMAIN_USER_NOT_FOUND) >= 0) {
                flag = DOMAIN_USER_NOT_FOUND;
            } else if (e.getMessage().indexOf(DOMAIN_INVALID_CREDENTIALS) >= 0) {
                flag = DOMAIN_INVALID_CREDENTIALS;
            } else if (e.getMessage().indexOf(DOMAIN_NOT_PERMIT_LOGON) >= 0) {
                flag = DOMAIN_NOT_PERMIT_LOGON;
            } else if (e.getMessage().indexOf(DOMAIN_PASS_EXPIRED) >= 0) {
                flag = DOMAIN_PASS_EXPIRED;
            } else if (e.getMessage().indexOf(DOMAIN_ACCOUNT_DISABLED) >= 0) {
                flag = DOMAIN_ACCOUNT_DISABLED;
            } else if (e.getMessage().indexOf(DOMAIN_ACCOUNT_EXPIRED) >= 0) {
                flag = DOMAIN_ACCOUNT_EXPIRED;
            } else if (e.getMessage().indexOf(DOMAIN_RESET_PASS) >= 0) {
                flag = DOMAIN_RESET_PASS;
            } else if (e.getMessage().indexOf(DOMAIN_ACCOUNT_LOCKED) >= 0) {
                flag = DOMAIN_ACCOUNT_LOCKED;
            }
        } finally {
            try {
                ctx.close();
            } catch (Exception Ignore) {
            }
        }
        //Loggers.me().warn(getClass(), "PROVIDER_URL:{},returnflag:{}", sec_principal, flag);
        logger.warn("PROVIDER_URL:" + sec_principal + ",returnflag:" + flag);
        return false;
    }

}
